QwikSec

Security Database

CVE

CWE

Training

CVE-2006-1221

Published: Mar 14, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. NOTE: since this issue is dependent on the existence of a vulnerability in a separate product (weak permissions of executables or libraries, or the execution of malicious code), perhaps it should not be included in CVE.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

zonealarm-path-gain-privileges(25097)

vdb-entry

x_refsource_XF

http://reedarvin.thearvins.com/20060308-01.html

x_refsource_MISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

20060309 Re: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000

mailing-list

x_refsource_BUGTRAQ

20060309 Statement Regarding Reported Local Escalation of Privileges Vulnerability for ZoneAlarm

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_VUPEN

20060308 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.